https://ai-blog.noorshomelab.dev/tags/enterprise-security/Recent content in Enterprise Security on AI VOIDHugoenTue, 30 Dec 2025 00:00:00 +0000https://ai-blog.noorshomelab.dev/cheatsheets/palo-alto-panos-cheatsheet/Tue, 30 Dec 2025 00:00:00 +0000https://ai-blog.noorshomelab.dev/cheatsheets/palo-alto-panos-cheatsheet/<p>This cheatsheet provides a concise, practical reference for Palo Alto Networks Firewall administrators, covering essential PAN-OS concepts, CLI commands, GUI tasks, and troubleshooting tips for real-world enterprise environments. Information is current as of December 2025, primarily referencing PAN-OS 11.1+.</p> <h2 id="quick-reference-most-used-commands">Quick Reference: Most Used Commands</h2> <table> <thead> <tr> <th>Command/Method</th> <th>Description</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><code>configure</code></td> <td>Enters configuration mode.</td> <td><code>configure</code></td> </tr> <tr> <td><code>commit</code></td> <td>Saves and applies pending configuration changes.</td> <td><code>commit force</code></td> </tr> <tr> <td><code>show system info</code></td> <td>Displays general system information.</td> <td><code>show system info</code></td> </tr> <tr> <td><code>show session all filter application &lt;app-name&gt;</code></td> <td>Shows active sessions filtered by application.</td> <td><code>show session all filter application ssl</code></td> </tr> <tr> <td><code>test security-policy-match source &lt;src-ip&gt; destination &lt;dst-ip&gt; destination-port &lt;port&gt; application &lt;app&gt;</code></td> <td>Tests which security policy rule matches specific traffic.</td> <td><code>test security-policy-match source 10.1.1.10 destination 192.168.1.50 destination-port 443 application ssl</code></td> </tr> <tr> <td><code>clear session all</code></td> <td>Clears all active sessions (use with caution).</td> <td><code>clear session all</code></td> </tr> <tr> <td><code>ping host &lt;ip-address&gt;</code></td> <td>Pings a host from the firewall.</td> <td><code>ping host 8.8.8.8</code></td> </tr> <tr> <td><code>traceroute host &lt;ip-address&gt;</code></td> <td>Traces the route to a host.</td> <td><code>traceroute host 8.8.8.8</code></td> </tr> <tr> <td><code>debug flow basic</code></td> <td>Starts basic packet flow debugging.</td> <td><code>debug flow basic</code></td> </tr> <tr> <td><code>request restart system</code></td> <td>Restarts the firewall system.</td> <td><code>request restart system</code></td> </tr> </tbody> </table> <hr> <h2 id="basic-operations--system-management">Basic Operations &amp; System Management</h2> <h3 id="cli-modes">CLI Modes</h3> <table> <thead> <tr> <th>Mode</th> <th>Prompt</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><strong>Operational</strong></td> <td><code>&gt;</code></td> <td>Default mode for monitoring, troubleshooting, and system requests.</td> </tr> <tr> <td><strong>Configuration</strong></td> <td><code>#</code></td> <td>For making configuration changes. Entered via <code>configure</code>.</td> </tr> <tr> <td><strong>Paging</strong></td> <td><code>--More--</code></td> <td>Appears when output exceeds screen size. Press <code>Space</code> for next page, <code>q</code> to quit.</td> </tr> </tbody> </table> <h3 id="basic-system-commands">Basic System Commands</h3> <table> <thead> <tr> <th>Command/Method</th> <th>Description</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><code>show system info</code></td> <td>Displays hardware, software, and license details.</td> <td><code>show system info</code></td> </tr> <tr> <td><code>show clock</code></td> <td>Shows current system time.</td> <td><code>show clock</code></td> </tr> <tr> <td><code>set system hostname &lt;name&gt;</code></td> <td>Sets the firewall&rsquo;s hostname.</td> <td><code>set system hostname PA-FW-01</code></td> </tr> <tr> <td><code>set system timezone &lt;zone&gt;</code></td> <td>Configures the system timezone.</td> <td><code>set system timezone America/New_York</code></td> </tr> <tr> <td><code>request license fetch</code></td> <td>Fetches licenses from Palo Alto Networks.</td> <td><code>request license fetch</code></td> </tr> <tr> <td><code>request software check</code></td> <td>Checks for available PAN-OS updates.</td> <td><code>request software check</code></td> </tr> <tr> <td><code>request software install version &lt;version&gt;</code></td> <td>Installs a specific PAN-OS version.</td> <td><code>request software install version 11.1.0</code></td> </tr> <tr> <td><code>request restart system</code></td> <td>Restarts the firewall.</td> <td><code>request restart system</code></td> </tr> <tr> <td><code>request shutdown system</code></td> <td>Shuts down the firewall.</td> <td><code>request shutdown system</code></td> </tr> </tbody> </table> <h3 id="configuration-management">Configuration Management</h3> <table> <thead> <tr> <th>Command/Method</th> <th>Description</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><code>configure</code></td> <td>Enters configuration mode.</td> <td><code>configure</code></td> </tr> <tr> <td><code>show</code></td> <td>Displays current configuration (in config mode).</td> <td><code>show running full</code></td> </tr> <tr> <td><code>set &lt;path&gt; &lt;value&gt;</code></td> <td>Configures a parameter.</td> <td><code>set deviceconfig system dns-setting servers primary 8.8.8.8</code></td> </tr> <tr> <td><code>delete &lt;path&gt;</code></td> <td>Deletes a configuration element.</td> <td><code>delete network interface ethernet ethernet1/1 layer3 ip 192.168.1.1/24</code></td> </tr> <tr> <td><code>commit</code></td> <td>Saves and applies changes.</td> <td><code>commit</code></td> </tr> <tr> <td><code>commit force</code></td> <td>Forces a commit, overriding warnings.</td> <td><code>commit force</code></td> </tr> <tr> <td><code>commit partial &lt;target&gt;</code></td> <td>Commits only specific configuration changes.</td> <td><code>commit partial device-and-vsys</code></td> </tr> <tr> <td><code>save config to &lt;filename&gt;</code></td> <td>Saves the current candidate configuration to a file.</td> <td><code>save config to my_config_backup.xml</code></td> </tr> <tr> <td><code>load config from &lt;filename&gt;</code></td> <td>Loads a configuration from a file.</td> <td><code>load config from my_config_backup.xml</code></td> </tr> <tr> <td><code>revert config</code></td> <td>Discards uncommitted changes.</td> <td><code>revert config</code></td> </tr> </tbody> </table> <hr> <h2 id="network-configuration">Network Configuration</h2> <h3 id="zones-and-interfaces">Zones and Interfaces</h3> <p>Palo Alto Networks firewalls use security zones to group interfaces with similar security requirements. Policies are applied between zones, not directly between interfaces.</p>https://ai-blog.noorshomelab.dev/guides/passkeys-advanced-developer-guide/Sun, 31 Aug 2025 00:00:00 +0000https://ai-blog.noorshomelab.dev/guides/passkeys-advanced-developer-guide/<hr> <h1 id="passkeys-for-advanced-developers-deep-dive-into-implementation-enterprise-and-full-stack-integration">Passkeys for Advanced Developers: Deep Dive into Implementation, Enterprise, and Full-Stack Integration</h1> <p>Welcome to the advanced guide on Passkeys. This document is tailored for developers who have a solid understanding of fundamental passkey concepts, public-key cryptography, and the basic WebAuthn workflow. We will now explore the deeper technical aspects of passkey implementation, advanced use cases, enterprise considerations, and a hands-on full-stack project integrating React and Node.js.</p> <h2 id="1-introduction-to-advanced-passkeys">1. Introduction to Advanced Passkeys</h2> <h3 id="what-are-advanced-passkey-concepts">What are Advanced Passkey Concepts?</h3> <p>Beyond the basics of registration and authentication, advanced passkey concepts involve:</p>